Appl. No. 09/864.593 

Amdt. Dated August 23, 2006 

Reply to Office action of June 23, 2006 

Attorney Docket No. P13556-US1 

EUS/J/P/06-3227 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

1-7. (Canceled) 

8. (Currently Amended) A network device for implementing Internet 
Protocol Security, comprising: 

at least one Internet Protocol forwarder (IPFW) arranged to receive IP packets, 
each IP packet having being associated with a Security Association (SA), the at least 
one IP forwarder is further arranged to determine the destination of each IP packet and 
to forward each IP packet to its destination; 

a plurality of security procedure modules coupled to the at least one IP forwarder 
and arranged to implement security procedures for received IP packets in parallel, the 
plurality of security modules being coupled together to allow forwarding of an IP packet 
from one security procedure module to another; and 

a security controller arranged to allocate negotiated SAs among the security 
procedure modules and to notify the security procedure modules and the at least one IP 
forwarder of the allocation, whereby the at least one IP forwarder can send IP packets 
to the security procedure module implementing the associated SA. 

9. (Canceled) 

10. (Previously Presented) A device according to claim 8, wherein the 
security controller is responsible for creating and modifying IP packet filters in the at 
least one IP forwarder, and the filters are responsible for routing IP packets to the 
security procedure modules. 

11. (Previously Presented) A device according to claim 10, wherein the 
filtering of packets is carried out using at least one selector, the at least one selector 
being the Security Parameter Index (SPI), which is contained in the header of the IP 
packets and identifies a SA. 

12. (Previously Presented) A device according to claim 8, wherein the 
security controller is coupled to an Internet Key Exchange (IKE) module which is 
responsible for negotiating SAs with peer IKE modules, and the security controller is 
arranged to receive from the IKE module details of negotiated SAs. 

13. (Currently Amended) A device according to claim 8, wherein at least one of 
the at least one IP forwarder, the security procedure modules, and the security 
controller are implemented in at least one of software, hardware, and a combination of 
hardware and software. 

14. (Currently Amended) A method of processing IP packets at a network 
device, the method comprising the steps of: 

allocating negotiated Security Associations (SAs) among a plurality of security 
procedure modules arranged to implement security procedures for received IP packets, 
wherein the plurality of security procedure modules are coupled together to allow the 
forwarding of an IP packet from one security procedure module to another; 

notifying the plurality of security procedure modules and at least one IP forwarder 
of said allocation; and 

receiving IP packets at the at least one IP forwarder, identifying the SAs 
associated with the packets, and forwarding the packets to the plurality of security 
procedure modules implementing the associated SAs. 

15. (Canceled) 